diff --git a/booleans-targeted.conf b/booleans-targeted.conf index 5c5f9bf..9fa09bd 100644 --- a/booleans-targeted.conf +++ b/booleans-targeted.conf @@ -262,3 +262,8 @@ nscd_use_shm = true # Allow fenced domain to connect to the network using TCP. # fenced_can_network_connect=false + +# Allow privoxy to connect to all ports, not just HTTP, FTP, and Gopher ports. +# +privoxy_connect_any = true + diff --git a/policy-20100106.patch b/policy-20100106.patch index b0a68c0..66ad0de 100644 --- a/policy-20100106.patch +++ b/policy-20100106.patch @@ -311,6 +311,18 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol domain_user_exemption_target(unconfined_t) allow system_r unconfined_r; +diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/xguest.te serefpolicy-3.6.32/policy/modules/roles/xguest.te +--- nsaserefpolicy/policy/modules/roles/xguest.te 2010-01-06 11:05:50.000000000 +0100 ++++ serefpolicy-3.6.32/policy/modules/roles/xguest.te 2010-01-14 20:12:41.000000000 +0100 +@@ -15,7 +15,7 @@ + + ## + ##
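Review bot: `privoxy_connect_any = true` in the booleans-targeted.conf hunk flips the shipped default of this boolean to the permissive side, so privoxy may connect to any port out of the box instead of only the HTTP, FTP and Gopher ports the comment above it lists. The comment reproduces the tunable's description but not why the targeted default is enabled; a one-line rationale such as `# Enabled by default in targeted policy: <reason or bug reference — placeholder>` would record the decision for the next maintainer. The selinux-policy.spec changelog in this commit mentions only the hotplug/brctl and sftpd changes, so this default change should be listed there as well.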

+-## Allow xguest to configure Network Manager ++## Allow xguest to configure Network Manager and connect to apache ports + ##

+ ##
+ gen_tunable(xguest_connect_network, true) diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/abrt.te serefpolicy-3.6.32/policy/modules/services/abrt.te --- nsaserefpolicy/policy/modules/services/abrt.te 2010-01-06 11:05:50.000000000 +0100 +++ serefpolicy-3.6.32/policy/modules/services/abrt.te 2010-01-08 14:42:10.000000000 +0100 
@@ -417,6 +429,200 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ######################################## ## ## All of the rules required to administrate +diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ftp.if serefpolicy-3.6.32/policy/modules/services/ftp.if +--- nsaserefpolicy/policy/modules/services/ftp.if 2009-09-16 16:01:19.000000000 +0200 ++++ serefpolicy-3.6.32/policy/modules/services/ftp.if 2010-01-15 12:37:45.000000000 +0100 +@@ -115,6 +115,43 @@ + role $2 types ftpdctl_t; + ') + ++###################################### ++## ++## Allow domain dyntransition to sftpd-anon domain. ++## ++## ++## ++## Domain allowed access. ++## ++## ++# ++interface(`ftp_dyntransition_sftpd_anon',` ++ gen_require(` ++ type anon_sftpd_t; ++ ') ++ ++ allow $1 anon_sftpd_t:process dyntransition; ++') ++ ++###################################### ++## ++## Allow domain dyntransition to sftpd domain. ++## ++## ++## ++## Domain allowed access. ++## ++## ++# ++interface(`ftp_dyntransition_sftpd',` ++ gen_require(` ++ type sftpd_t; ++ ') ++ ++ allow $1 sftpd_t:process dyntransition; ++ allow sftpd_t $1:process sigchld; ++') ++ + ######################################## + ## + ## All of the rules required to administrate +diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ftp.te serefpolicy-3.6.32/policy/modules/services/ftp.te +--- nsaserefpolicy/policy/modules/services/ftp.te 2010-01-06 11:05:50.000000000 +0100 ++++ serefpolicy-3.6.32/policy/modules/services/ftp.te 2010-01-15 12:44:47.000000000 +0100 +@@ -53,6 +53,39 @@ + ## + gen_tunable(ftp_home_dir, false) + ++## ++##

++## Allow anon internal-sftp to upload files, used for ++## public file transfer services. Directories must be labeled ++## public_content_rw_t. ++##

++##
++gen_tunable(sftpd_anon_write, false) ++ ++## ++##

++## Allow sftp-internal to login to local users and ++## read/write all files on the system, governed by DAC. ++##

++##
++gen_tunable(sftpd_full_access, false) ++ ++## ++##

++## Allow interlnal-sftp to read and write files ++## in the user ssh home directories. ++##

++##
++gen_tunable(sftpd_write_ssh_home, false) ++ ++## ++##

++## Allow sftp-internal to read and write files ++## in the user home directories ++##

++##
++gen_tunable(sftp_enable_homedirs, false) ++ + type ftpd_t; + type ftpd_exec_t; + init_daemon_domain(ftpd_t, ftpd_exec_t) +@@ -93,6 +126,14 @@ + init_ranged_daemon_domain(ftpd_t, ftpd_exec_t, mls_systemhigh) + ') + ++type sftpd_t; ++domain_type(sftpd_t) ++role system_r types sftpd_t; ++ ++type sftpd_anon_t; ++domain_type(sftpd_anon_t) ++role system_r types sftpd_anon_t; ++ + ######################################## + # + # ftpd local policy +@@ -342,3 +383,76 @@ + files_read_etc_files(ftpdctl_t) + + userdom_use_user_terminals(ftpdctl_t) ++ ++####################################### ++# ++# sftpd-anon local policy ++# ++ ++files_read_etc_files(sftpd_anon_t) ++ ++miscfiles_read_public_files(sftpd_anon_t) ++ ++tunable_policy(`sftpd_anon_write',` ++ miscfiles_manage_public_files(sftpd_anon_t) ++') ++ ++####################################### ++# ++# sftpd local policy ++# ++ ++files_read_etc_files(sftpd_t) ++ ++# allow read access to /home by default ++userdom_read_user_home_content_files(sftpd_t) ++userdom_read_user_home_content_symlinks(sftpd_t) ++userdom_dontaudit_list_admin_dir(sftpd_t) ++ ++tunable_policy(`sftpd_full_access',` ++ allow sftpd_t self:capability { dac_override dac_read_search }; ++ fs_read_noxattr_fs_files(sftpd_t) ++ auth_manage_all_files_except_shadow(sftpd_t) ++') ++ ++tunable_policy(`sftpd_write_ssh_home',` ++ ssh_manage_user_home_files(sftpd_t) ++') ++ ++tunable_policy(`sftp_enable_homedirs',` ++ allow sftpd_t self:capability { dac_override dac_read_search }; ++ ++ # allow access to /home ++ files_list_home(sftpd_t) ++ userdom_read_user_home_content_files(sftpd_t) ++ userdom_manage_user_home_content(sftpd_t) ++ ++ auth_read_all_dirs_except_shadow(sftpd_t) ++ auth_read_all_files_except_shadow(sftpd_t) ++ auth_read_all_symlinks_except_shadow(sftpd_t) ++', ` ++ # Needed for permissive mode, to make sure everything gets labeled correctly ++ userdom_user_home_dir_filetrans_pattern(sftpd_t, { dir file lnk_file }) ++') ++ 
++tunable_policy(`sftp_enable_homedirs && use_nfs_home_dirs',` ++ fs_manage_nfs_dirs(sftpd_t) ++ fs_manage_nfs_files(sftpd_t) ++ fs_manage_nfs_symlinks(sftpd_t) ++') ++ ++tunable_policy(`sftp_enable_homedirs && use_samba_home_dirs',` ++ fs_manage_cifs_dirs(sftpd_t) ++ fs_manage_cifs_files(sftpd_t) ++ fs_manage_cifs_symlinks(sftpd_t) ++') ++ ++tunable_policy(`use_samba_home_dirs',` ++ fs_read_cifs_files(sftpd_t) ++ fs_read_cifs_symlinks(sftpd_t) ++') ++ ++tunable_policy(`use_nfs_home_dirs',` ++ fs_read_nfs_files(sftpd_t) ++ fs_read_nfs_symlinks(ftpd_t) ++') +diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/git.te serefpolicy-3.6.32/policy/modules/services/git.te +--- nsaserefpolicy/policy/modules/services/git.te 2010-01-06 11:05:50.000000000 +0100 ++++ serefpolicy-3.6.32/policy/modules/services/git.te 2010-01-14 20:34:07.000000000 +0100 +@@ -73,7 +73,7 @@ + # + + allow gitd_type self:fifo_file rw_fifo_file_perms; +-allow gitd_type self:tcp_socket create_socket_perms; ++allow gitd_type self:tcp_socket create_stream_socket_perms; + allow gitd_type self:udp_socket create_socket_perms; + allow gitd_type self:unix_dgram_socket create_socket_perms; + diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nagios.fc serefpolicy-3.6.32/policy/modules/services/nagios.fc --- nsaserefpolicy/policy/modules/services/nagios.fc 2010-01-06 11:05:50.000000000 +0100 +++ serefpolicy-3.6.32/policy/modules/services/nagios.fc 2010-01-11 12:37:36.000000000 +0100 
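Review bot: `ftp_dyntransition_sftpd_anon` in the ftp.if hunk requires and grants `anon_sftpd_t`, but the ftp.te hunk declares the domain as `sftpd_anon_t` (`type sftpd_anon_t; domain_type(sftpd_anon_t)`), so the interface names a type that does not exist and the ssh.te `optional_policy` block that calls it cannot resolve; the interface should read `type sftpd_anon_t;` and `allow $1 sftpd_anon_t:process dyntransition;`. In the `use_nfs_home_dirs` block at the end of the ftp.te hunk, `fs_read_nfs_symlinks(ftpd_t)` targets ftpd_t instead of sftpd_t, so sftpd_t loses NFS symlink reads while ftpd_t picks up a grant this change did not set out to make — it should be `fs_read_nfs_symlinks(sftpd_t)`. The anon interface also lacks the `allow sftpd_anon_t $1:process sigchld;` counterpart that `ftp_dyntransition_sftpd` carries, so the anon domain's exit signal to sshd would be denied unless it is granted elsewhere. Granting `dac_override dac_read_search` inside `sftp_enable_homedirs` turns a home-directory boolean into a DAC bypass as well; if only `sftpd_full_access` is meant to bypass DAC, that capability line belongs there alone. Minor: the new tunable names mix `sftpd_` and `sftp_` prefixes (`sftp_enable_homedirs` vs `sftpd_anon_write`), and the `sftpd_write_ssh_home` description has the typo `interlnal-sftp`.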
@@ -621,18 +827,112 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ## All of the rules required to administrate diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh.te serefpolicy-3.6.32/policy/modules/services/ssh.te --- nsaserefpolicy/policy/modules/services/ssh.te 2010-01-06 11:05:50.000000000 +0100 -+++ serefpolicy-3.6.32/policy/modules/services/ssh.te 2010-01-12 18:08:14.000000000 +0100 -@@ -477,8 +477,8 @@ ++++ serefpolicy-3.6.32/policy/modules/services/ssh.te 2010-01-15 12:33:14.000000000 +0100 +@@ -8,31 +8,6 @@ + + ## + ##

+-## Allow sftp to upload files, used for public file +-## transfer services. Directories must be labeled +-## public_content_rw_t. +-##

+-##
+-gen_tunable(allow_sftpd_anon_write, false) +- +-## +-##

+-## Allow sftp to login to local users and +-## read/write all files on the system, governed by DAC. +-##

+-##
+-gen_tunable(allow_sftpd_full_access, false) +- +-## +-##

+-## Allow interlnal-sftp to read and write files +-## in the user ssh home directories. +-##

+-##
+-gen_tunable(sftpd_ssh_home_dir, false) +- +-## +-##

+ ## allow host key based authentication + ##

+ ##
+@@ -69,10 +44,6 @@ + type sshd_tmpfs_t; + files_tmpfs_file(sshd_tmpfs_t) + +-type sftpd_t; +-domain_type(sftpd_t) +-role system_r types sftpd_t; +- + ifdef(`enable_mcs',` + init_ranged_daemon_domain(sshd_t, sshd_exec_t, s0 - mcs_systemhigh) + ') +@@ -361,6 +332,11 @@ + ') + + optional_policy(` ++ ftp_dyntransition_sftpd(sshd_t) ++ ftp_dyntransition_sftpd_anon(sshd_t) ++') ++ ++optional_policy(` + gitosis_manage_var_lib(sshd_t) + ') - ssh_sigchld(sftpd_t) +@@ -468,49 +444,3 @@ + udev_read_db(ssh_keygen_t) + ') +-####################################### +-# +-# sftp Local policy +-# +- +-allow ssh_server sftpd_t:process dyntransition; +- +-ssh_sigchld(sftpd_t) +- -files_read_all_files(sftpd_t) -files_read_all_symlinks(sftpd_t) -+auth_read_all_files_except_shadow(sftpd_t) -+auth_read_all_symlinks_except_shadow(sftpd_t) - - fs_read_noxattr_fs_files(sftpd_t) - fs_read_nfs_files(sftpd_t) +- +-fs_read_noxattr_fs_files(sftpd_t) +-fs_read_nfs_files(sftpd_t) +-fs_read_cifs_files(sftpd_t) +- +-# allow access to /home by default +-userdom_manage_user_home_content_dirs(sftpd_t) +-userdom_manage_user_home_content_files(sftpd_t) +-userdom_manage_user_home_content_symlinks(sftpd_t) +- +-userdom_user_home_dir_filetrans_pattern(sftpd_t, { dir file lnk_file }) +- +-tunable_policy(`allow_sftpd_anon_write',` +- miscfiles_manage_public_files(sftpd_t) +-') +- +-tunable_policy(`allow_sftpd_full_access',` +- allow sftpd_t self:capability { dac_override dac_read_search }; +- fs_read_noxattr_fs_files(sftpd_t) +- auth_manage_all_files_except_shadow(sftpd_t) +-') +- +-tunable_policy(`sftpd_ssh_home_dir',` +- ssh_manage_user_home_files(sftpd_t) +-') +- +-tunable_policy(`use_nfs_home_dirs',` +- fs_manage_nfs_dirs(sftpd_t) +- fs_manage_nfs_files(sftpd_t) +-') +- +-tunable_policy(`use_samba_home_dirs',` +- fs_manage_cifs_dirs(sftpd_t) +- fs_manage_cifs_files(sftpd_t) +-') diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sssd.if 
serefpolicy-3.6.32/policy/modules/services/sssd.if --- nsaserefpolicy/policy/modules/services/sssd.if 2010-01-06 11:05:50.000000000 +0100 +++ serefpolicy-3.6.32/policy/modules/services/sssd.if 2010-01-11 13:46:50.000000000 +0100 @@ -723,10 +1023,35 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol domain_use_interactive_fds(xauth_t) dev_rw_xserver_misc(xauth_t) +diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/hotplug.te serefpolicy-3.6.32/policy/modules/system/hotplug.te +--- nsaserefpolicy/policy/modules/system/hotplug.te 2009-09-16 16:01:19.000000000 +0200 ++++ serefpolicy-3.6.32/policy/modules/system/hotplug.te 2010-01-14 20:30:58.000000000 +0100 +@@ -125,6 +125,10 @@ + ') + + optional_policy(` ++ brctl_domtrans(hotplug_t) ++') ++ ++optional_policy(` + consoletype_exec(hotplug_t) + ') + diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.te serefpolicy-3.6.32/policy/modules/system/init.te --- nsaserefpolicy/policy/modules/system/init.te 2010-01-06 11:05:50.000000000 +0100 -+++ serefpolicy-3.6.32/policy/modules/system/init.te 2010-01-12 13:43:28.000000000 +0100 -@@ -872,6 +872,7 @@ ++++ serefpolicy-3.6.32/policy/modules/system/init.te 2010-01-15 12:26:30.000000000 +0100 +@@ -212,6 +212,10 @@ + ') + + optional_policy(` ++ dbus_system_bus_client(init_t) ++') ++ ++optional_policy(` + # /var/run/dovecot/login/ssl-parameters.dat is a hard link to + # /var/lib/dovecot/ssl-parameters.dat and init tries to clean up + # the directory. But we do not want to allow this. +@@ -872,6 +876,7 @@ optional_policy(` unconfined_domain(initrc_t) 
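Review bot: The three sftpd booleans removed from ssh.te (`allow_sftpd_anon_write`, `allow_sftpd_full_access`, `sftpd_ssh_home_dir`) reappear in ftp.te under new names (`sftpd_anon_write`, `sftpd_full_access`, `sftpd_write_ssh_home`), so a system that had the old booleans enabled silently falls back to the new `false` defaults on upgrade; the spec changelog says only "Fixes for sftpd" and should name the renames, and booleans-targeted.conf carries no entries for the new names. The removed `allow ssh_server sftpd_t:process dyntransition;` applied to every domain with the `ssh_server` attribute, whereas the replacement `ftp_dyntransition_sftpd(sshd_t)` grants only sshd_t — presumably intentional, but any other ssh_server domain that spawns internal-sftp loses the transition. The new `optional_policy` block would benefit from an inline note above the `ftp_dyntransition_sftpd(sshd_t)` call, e.g. `# internal-sftp runs in the sftpd domains declared in ftp.te`.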
@@ -830,6 +1155,17 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ') optional_policy(` +diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.te serefpolicy-3.6.32/policy/modules/system/selinuxutil.te +--- nsaserefpolicy/policy/modules/system/selinuxutil.te 2010-01-06 11:05:51.000000000 +0100 ++++ serefpolicy-3.6.32/policy/modules/system/selinuxutil.te 2010-01-15 12:28:55.000000000 +0100 +@@ -190,6 +190,7 @@ + + init_use_script_fds(load_policy_t) + init_use_script_ptys(load_policy_t) ++init_write_script_pipes(load_policy_t) + + miscfiles_read_localization(load_policy_t) + diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.if serefpolicy-3.6.32/policy/modules/system/unconfined.if --- nsaserefpolicy/policy/modules/system/unconfined.if 2010-01-06 11:05:51.000000000 +0100 +++ serefpolicy-3.6.32/policy/modules/system/unconfined.if 2010-01-08 16:35:49.000000000 +0100 
@@ -909,6 +1245,18 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ######################################## # # Xen store local policy +diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/support/obj_perm_sets.spt serefpolicy-3.6.32/policy/support/obj_perm_sets.spt +--- nsaserefpolicy/policy/support/obj_perm_sets.spt 2010-01-06 11:05:51.000000000 +0100 ++++ serefpolicy-3.6.32/policy/support/obj_perm_sets.spt 2010-01-15 12:24:53.000000000 +0100 +@@ -28,7 +28,7 @@ + # + # All socket classes. + # +-define(`socket_class_set', `{ tcp_socket udp_socket rawip_socket netlink_socket packet_socket unix_stream_socket unix_dgram_socket appletalk_socket netlink_route_socket netlink_firewall_socket netlink_tcpdiag_socket netlink_nflog_socket netlink_xfrm_socket netlink_selinux_socket netlink_audit_socket netlink_ip6fw_socket netlink_dnrt_socket netlink_kobject_uevent_socket }') ++define(`socket_class_set', `{ tcp_socket udp_socket rawip_socket netlink_socket packet_socket unix_stream_socket unix_dgram_socket appletalk_socket netlink_route_socket netlink_firewall_socket netlink_tcpdiag_socket netlink_nflog_socket netlink_xfrm_socket netlink_selinux_socket netlink_audit_socket netlink_ip6fw_socket netlink_dnrt_socket netlink_kobject_uevent_socket tun_socket }') + + + # diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/users serefpolicy-3.6.32/policy/users --- nsaserefpolicy/policy/users 2010-01-06 11:05:51.000000000 +0100 +++ serefpolicy-3.6.32/policy/users 2010-01-12 13:48:30.000000000 +0100 diff --git a/selinux-policy.spec b/selinux-policy.spec index f5c7630..648a512 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -20,7 +20,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.6.32 -Release: 70%{?dist} +Release: 71%{?dist} License: GPLv2+ Group: System Environment/Base Source: serefpolicy-%{version}.tgz 
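Review bot: Appending `tun_socket` to `socket_class_set` in the obj_perm_sets.spt hunk widens every existing rule written against that macro, so each domain that already holds `socket_class_set` permissions gains the same permissions on tun_socket without any per-domain review; if the intent is to let particular domains use TUN/TAP, an explicit `allow <domain — placeholder> self:tun_socket <perms — placeholder>;` in those modules keeps the grant visible. The class must also be declared in the policy's class and access-vector definitions, which this diff does not show; if it is not, the rules that expand this set would be rejected at build time. A short comment above the define, e.g. `# tun_socket is included so every rule using socket_class_set also covers TUN/TAP sockets`, would record the decision.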
@@ -456,6 +456,10 @@ exit 0 %endif %changelog +* Fri Jan 15 2010 Miroslav Grepl 3.6.32-71 +- Allow hotplug to transition to brctl domain +- Fixes for sftpd + * Tue Jan 12 2010 Miroslav Grepl 3.6.32-70 - Move users file to selection by spec file. - Allow vncserver to run as unconfined_u:unconfined_r:unconfined_t